Error Handling
FHIR-based queries may return errors that affect data retrieval, paging, or downstream workflows. Health Gorilla APIs use standard HTTP status codes and include an OperationOutcome resource in the response body to explain issues in detail. Understanding how to interpret and respond to these errors is essential for building reliable data access workflows.
Common HTTP Error Codes
| Status Code | Meaning | Notes |
|---|---|---|
| 400 Bad Request | The request was malformed or included invalid parameters | Check for missing or unsupported query parameters |
| 401 Unauthorized | Authentication failed or access token is invalid | Ensure the token is present, not expired, and correctly scoped |
| 403 Forbidden | The token is valid but the action is not permitted | Check OAuth scopes, user role permissions, and record-level restrictions |
| 404 Not Found | The requested resource or patient does not exist | May indicate an invalid patient ID or missing resource |
| 409 Conflict | The request conflicts with the current state of the resource | Often caused by duplicate data or idempotency key reuse |
| 422 Unprocessable Entity | The server understood the request but could not process it | Payload may be missing fields, invalid, or reference a non-existent resource |
| 429 Too Many Requests | Request rate limits were exceeded | See the Retry-After header to determine wait time before retrying |
| 500 Internal Server Error | Unexpected error in Health Gorilla backend | Retry or contact support if persistent |
| 502 Bad Gateway | Communication problem between servers in the request chain | Usually transient, retry after delay |
| 504 Gateway Timeout | The request took too long to complete | Retry with async request model if supported |
Interpreting OperationOutcome
Each error response includes a FHIR OperationOutcome resource that describes the issue.
Key fields include:
issue.severity: usuallyerrororfatalissue.code: a standardized error code (e.g.,invalid,forbidden,not-found)diagnostics: human-readable explanation of the error
Example:
{
"resourceType": "OperationOutcome",
"issue": [
{
"severity": "error",
"code": "invalid",
"diagnostics": "Parameter 'date' is not supported for this resource type"
}
]
}
Retry and Recovery Guidance
- Include the
X-Request-Idheader in all requests to support debugging. - Log the
X-Hg-Request-Idand any returned correlation ID for tracking. - Retry logic should be applied only for transient errors such as
429or network timeouts. - Do not retry automatically on errors such as
400,403, or404without user or system review.
R4 v STU3 Considerations
- The structure of
OperationOutcomeis the same across R4 and STU3. - Supported error codes and diagnostics may vary slightly depending on version and resource type.
- Rate limiting (
429) applies in both versions but thresholds and enforcement may differ by environment.